ProHoster > Blog > internet nhau > Backdoor mu93 AccessPress plugins uye madingindira anoshandiswa pa360 zviuru masaiti

Backdoor mu93 AccessPress plugins uye madingindira anoshandiswa pa360 zviuru masaiti

Varwisi vakakwanisa kuisa backdoor mumaplugins makumi mana nematatu uye mathemes makumi mashanu nematatu ehurongwa hwekugadzirisa zviri mukati. WordPress, yakagadzirwa neAccessPress, iyo inoti ma add-ons ayo anoshandiswa pamawebhusaiti anopfuura 360. Mhedzisiro yekuferefeta kwechiitiko ichi haisati yaburitswa, asi zvinofungidzirwa kuti kodhi iyi yakaipa yakaunzwa panguva yekubvumirana kwewebhusaiti yeAccessPress, ichichinja maarchive anogona kudhawunirodhwa emavhezheni akaburitswa kare. Backdoor iripo chete mukodhi yakagoverwa kuburikidza newebhusaiti yepamutemo yeAccessPress, asi haipo muma add-on akafanana akaburitswa kuburikidza nekatalogu. WordPress.org.

Kuvapo kwekuchinja kwakaipa kwakawanikwa nemuongorori weJetPack (chikamu cheAutomatic, kambani inovaka WordPress) panguva yekuferefetwa kwekodhi yakaipa yakawanikwa pane imwe yemawebhusaiti evatengi. Ongororo yemamiriro ezvinhu yakaratidza kuti shanduko dzakaipisisa dzaivapo mu WordPress- add-on yakatorwa kubva pawebhusaiti yepamutemo yeAccessPress. Zvimwe zvinhu zvinobva kumutengesi mumwe chete zvakawanikwawo zvichigona kugadziriswa zvisina kunaka, zvichibvumira mukana wakazara wekuwana webhusaiti iyi nekodzero dzemutariri.

Munguva yekushandurwa, vapambi vakawedzera "initial.php" faira kune plugin uye theme archives, iyo yavakabatanidza kuburikidza ne "include" kuraira mu "functions.php" faira. Kuti vavhare makwara avo, izvo zvakashata zviri mu "initial.php" zvakavezwa sebase64-encoded block yedata. Iyo yakashata yekuisa, yakavharwa semufananidzo kubva wp-theme-connect.com, yakatakura backdoor kodhi yakananga muwp-includes/vars.php faira.

Backdoor mu93 AccessPress plugins uye madingindira anoshandiswa pa360 zviuru masaiti
Backdoor mu93 AccessPress plugins uye madingindira anoshandiswa pa360 zviuru masaiti

Mawebhusaiti ekutanga aisanganisira shanduko dzakaipisisa muAccessPress add-ons akawanikwa munaGunyana 2021. Zvinofungidzirwa kuti pane backdoor yakaiswa muadd-ons panguva iyoyo. Chiziviso chekutanga cheAccessPress nezvedambudziko iri hachina kupindurwa, uye AccessPress yakangowana kutariswa mushure mekubatanidza timu kuti iongorore. WordPress.org. Musi wa15 Gumiguru, 2021, zvinyorwa zvakachengetwa kumashure zvakabviswa pawebhusaiti yeAccessPress, uye shanduro itsva dzezvinyorwa zvakaburitswa musi wa17 Ndira, 2022.

Sucuri yakaongorora zvakasiyana mawebhusaiti ane vhezheni dzakakanganisika dzeAccessPress dzakaiswa ikawana mamodules akashata akatorwa kuburikidza nebackdoor aitumira spam uye akadzosera traffic kune mawebhusaiti ehutsotsi (mamodule aive e2019 na2020). Zvinotendwa kuti vanyori vekumashure vaitengesa kupinda kune mawebhusaiti akakanganiswa.

Themes uko backdoor substitution yaonekwa:

  • accessbuddy 1.0.0
  • accesspress-basic 3.2.1
  • accesspress-lite 2.92
  • accesspress-mag 2.6.5
  • accesspress-parallax 4.5
  • accesspress-ray 1.19.5
  • accesspress-mudzi 2.5
  • accesspress-staple 1.9.1
  • accesspress-chitoro 2.4.9
  • agency-lite 1.1.6
  • aplite 1.0.6
  • bingle 1.0.4
  • blogger 1.2.6
  • kuvaka-lite 1.2.5
  • doko 1.0.27
  • vhenekera 1.3.5
  • fashstore 1.2.1
  • kutora mifananidzo 2.4.0
  • gaga-Corp 1.0.8
  • gaga-lite 1.4.2
  • imwe-paze 2.2.8
  • parallax-blog 3.1.1574941215
  • parallaxsome 1.3.6
  • punte 1.1.2
  • Revolve 1.3.1
  • Ripple 1.2.0
  • scrollme 2.1.0
  • sportsmag 1.2.1
  • storevilla 1.4.1
  • swing-lite 1.1.9
  • the-launcher 1.3.2
  • the-monday 1.4.1
  • uncode-lite 1.3.1
  • unicon-lite 1.2.6
  • vmag 1.2.7
  • vmagazine-lite 1.3.5
  • vmagazine-nhau 1.0.5
  • ziggy-mwana 1.0.6
  • zigcy-cosmetics 1.0.5
  • zigcy-lite 2.0.9

Plugins uko backdoor inotsiva yakaonekwa:

  • accesspress-anonymous-post 2.8.0 2.8.1 1
  • accesspress-custom-css 2.0.1 2.0.2
  • accesspress-custom-post-type 1.0.8 1.0.9
  • accesspress-facebook-auto-post 2.1.3 2.1.4
  • accesspress-instagram-feed 4.0.3 4.0.4
  • accesspress-pinterest 3.3.3 3.3.4
  • accesspress-social-counter 1.9.1 1.9.2
  • accesspress-social-icons 1.8.2 1.8.3
  • accesspress-social-login-lite 3.4.7 3.4.8
  • accesspress-social-share 4.5.5 4.5.6
  • accesspress-twitter-auto-post 1.4.5 1.4.6
  • accesspress-twitter-feed 1.6.7 1.6.8
  • ak-menu-icons-lite 1.0.9
  • ap-shamwari 1.0.7 2
  • ap-contact-fomu 1.0.6 1.0.7
  • ap-custom-testimonial 1.4.6 1.4.7
  • ap-mega-menu 3.0.5 3.0.6
  • ap-pricing-tables-lite 1.1.2 1.1.3
  • apex-notification-bar-lite 2.0.4 2.0.5
  • cf7-chitoro-ku-db-lite 1.0.9 1.1.0
  • comment-dible-accesspress 1.0.7 1.0.8
  • nyore-side-tab-cta 1.0.7 1.0.8
  • everest-admin-theme-lite 1.0.7 1.0.8
  • everest-coming-soon-lite 1.1.0 1.1.1
  • everest-comment-rating-lite 2.0.4 2.0.5
  • everest-counter-lite 2.0.7 2.0.8
  • everest-faq-maneja-lite 1.0.8 1.0.9
  • everest-gallery-lite 1.0.8 1.0.9
  • everest-google-places-reviews-lite 1.0.9 2.0.0
  • everest-review-lite 1.0.7
  • everest-tab-lite 2.0.3 2.0.4
  • everest-timeline-lite 1.1.1 1.1.2
  • inline-call-to-chiito-muvaki-lite 1.1.0 1.1.1
  • product-slider-for-woocommerce-lite 1.1.5 1.1.6
  • smart-logo-showcase-lite 1.1.7 1.1.8
  • smart-scroll-posts 2.0.8 2.0.9
  • smart-scroll-to-top-lite 1.0.3 1.0.4
  • total-gdpr-compliance-lite 1.0.4
  • yakazara-timu-lite 1.1.1 1.1.2
  • yekupedzisira-munyori-bhokisi-lite 1.1.2 1.1.3
  • yekupedzisira-fomu-muvaki-lite 1.5.0 1.5.1
  • woo-badge-designer-lite 1.1.0 1.1.1
  • wp-1-slider 1.2.9 1.3.0
  • wp-blog-maneja-lite 1.1.0 1.1.2
  • wp-comment-designer-lite 2.0.3 2.0.4
  • wp-cookie-mushandisi-ruzivo 1.0.7 1.0.8
  • wp-facebook-review-showcase-lite 1.0.9
  • wp-fb-mutumwa-bhatani-lite 2.0.7
  • wp-inoyangarara-menyu 1.4.4 1.4.5
  • wp-media-maneja-lite 1.1.2 1.1.3
  • wp-popup-mabhena 1.2.3 1.2.4
  • wp-popup-lite 1.0.8
  • wp-chigadzirwa-gallery-lite 1.1.1

Source: opennet.ru

Tenga inovimbika yekutambira kwemasaiti ane DDoS dziviriro, VPS VDS maseva 🔥 Tenga webhusaiti yakavimbika ine dziviriro yeDDoS, maseva eVPS VDS | ProHoster